Superantispyware löytää jatkuvasti tälläisiä...

Olen ajanut superantispyware ohjelmaa ja jatkuvasti kone löytää 3kpl commonname toolbar/browser helper objekteja

Kun ne on laitettu karanteeniin ja kone uudellen käynnistetty ja ohjelmalla scannattu niin olla töröttää nuo samat objektit koneella....tuleeko ne aina jostain uudestaan vai eikö ohjelma niitä kuitenkaan käsittele?

Yritin googlata,mutta heittää pitkälti lontoonkielisille sivuille,eikä lontoo oikein käänny savoksi

Onko nuo ylipäätään vaarallia lainkaan?

Käyttis vista home premium

Kiitos

 

Kokeiles ajaa Malwarebytes Anti-malware, josko se suostus poistaa ne. Tässä linkki josta voit lataa sen. Päivitä aina ennen scannia!

 

Malvwarebytesiä on ajettu urakalla (päivitetty) ,ei löydä mitään,mutta tässä raportti,ainoastaan eset nod 32 (virustutka) oli päällä tutkimisen aikana

ComboFix 09-11-05.05 - heppu1000 07.11.2009 0:25.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.358.1035.18.3070.1993 [GMT 2:00]
Sijainti: c:\users\heppu1000\Documents\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Virustorjunnan taustasuojaus on päällä

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-10-06 to 2009-11-06 )))))))))))))))))
.

2009-11-06 22:31 . 2009-11-06 22:31 -------- d-----w- c:\users\heppu1000\AppData\Local\temp
2009-11-06 22:31 . 2009-11-06 22:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-06 22:31 . 2009-11-06 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 18:21 . 2009-11-06 18:21 -------- d-----w- c:\program files\ESET
2009-11-05 16:45 . 2009-11-05 16:46 -------- d-----w- c:\users\heppu1000\AppData\Local\Adobe
2009-10-27 19:09 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:09 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 09:06 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 09:06 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 09:06 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 09:05 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 09:05 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 09:05 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-12 03:16 . 2009-10-12 03:28 4096 d-----w- c:\program files\Audacity
2009-10-11 17:02 . 2009-10-12 03:18 4096 d-----w- c:\program files\Lame for Audacity
2009-10-10 20:18 . 2009-10-11 17:04 -------- d-----w- c:\users\heppu1000\AppData\Roaming\Audacity

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 21:49 . 2009-06-02 07:23 4096 d-----w- c:\users\heppu1000\AppData\Roaming\Skype
2009-11-06 21:44 . 2009-08-22 18:13 -------- d-----w- c:\users\heppu1000\AppData\Roaming\Spotify
2009-11-06 21:34 . 2007-10-03 00:44 80514 ----a-w- c:\windows\system32\perfc00B.dat
2009-11-06 21:34 . 2007-10-03 00:44 435388 ----a-w- c:\windows\system32\perfh00B.dat
2009-11-06 19:21 . 2009-07-29 19:34 117760 ----a-w- c:\users\heppu1000\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-06 19:18 . 2009-06-03 18:38 1698 ----a-w- c:\users\heppu1000\AppData\Roaming\wklnhst.dat
2009-11-06 19:11 . 2009-05-28 15:56 4096 d-----w- c:\users\heppu1000\AppData\Roaming\skypePM
2009-11-04 16:27 . 2009-09-04 16:17 -------- d-----w- c:\users\heppu1000\AppData\Roaming\IObit
2009-11-01 19:15 . 2009-08-15 07:24 8192 d-----w- c:\users\heppu1000\AppData\Roaming\uTorrent
2009-11-01 19:03 . 2009-07-14 22:03 8192 d-----w- c:\programdata\CanonIJPLM
2009-10-31 16:02 . 2009-10-04 10:39 4096 d-----w- c:\users\heppu1000\AppData\Roaming\vlc
2009-10-31 15:14 . 2009-05-24 21:30 72192 ----a-w- c:\users\heppu1000\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-30 23:10 . 2007-10-02 14:44 4096 d-----w- c:\program files\Roxio
2009-10-30 23:10 . 2007-10-02 14:44 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-30 22:54 . 2007-10-02 14:40 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-30 22:52 . 2009-08-25 14:45 -------- d-----w- c:\program files\Unity
2009-10-28 19:17 . 2009-07-29 19:33 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 15:14 . 2009-08-15 14:59 8192 d-----w- c:\users\heppu1000\AppData\Roaming\dvdcss
2009-10-24 21:34 . 2009-06-17 19:46 -------- d-----w- c:\programdata\WinZip
2009-10-24 14:38 . 2007-10-02 14:59 -------- d-----w- c:\program files\Google
2009-10-17 15:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-01 07:29 . 2009-10-02 16:47 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 05:54 . 2009-09-29 05:49 -------- d-----w- c:\programdata\Norton
2009-09-29 05:49 . 2009-09-29 05:49 -------- d-----w- c:\programdata\Symantec
2009-09-28 18:09 . 2009-07-17 20:05 -------- d-----w- c:\users\heppu1000\AppData\Roaming\gtk-2.0
2009-09-28 18:01 . 2009-07-14 22:21 -------- d-----w- c:\programdata\CanonIJ
2009-09-20 08:44 . 2009-09-20 08:44 -------- d-----w- c:\program files\LucasArts
2009-09-18 22:24 . 2009-09-18 22:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-18 22:24 . 2007-10-02 14:53 -------- d-----w- c:\program files\Java
2009-09-18 19:43 . 2009-06-09 19:47 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 19:43 . 2009-06-23 17:11 4045528 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 05:26 . 2009-09-11 05:26 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-10 11:54 . 2009-06-09 19:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-06-09 19:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 12:04 . 2009-09-06 12:04 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-06 10:51 . 2009-05-25 08:01 48747 ----a-w- c:\programdata\nvModes.dat
2009-09-03 14:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-29 00:27 . 2009-09-03 11:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 11:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-22 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-22 19:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-22 19:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-22 19:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 14:45 . 2009-08-12 17:52 1356 ----a-w- c:\users\heppu1000\AppData\Local\d3d9caps.dat
2009-08-14 16:27 . 2009-09-10 15:37 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 15:37 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 15:37 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 15:37 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 15:37 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 15:37 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 15:37 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 15:37 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 15:37 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 15:37 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 15:37 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 17:55 . 2009-08-12 17:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2007-10-03 01:02 . 2007-10-03 00:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_21.22.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 21:27 . 2009-11-06 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-06 18:05 . 2009-11-06 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-06 21:27 . 2009-11-06 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-06 18:05 . 2009-11-06 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\heppu1000\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"V0230Mon.exe"="c:\windows\System32\V0230Mon.exe" [2006-07-19 36961]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"V0230Cfg.exe"="V0230Cfg.exe" - c:\windows\V0230Cfg.exe [2006-03-15 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-28 19:17 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):92,da,02,6d,a5,2c,ca,01

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 9:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 9:53 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [11.9.2009 7:26 95896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2.10.2007 16:53 198240]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [2.10.2007 16:39 968064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26.2.2008 8:17 493568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 9:53 7408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]
S3 V0230Vfx;V0230Vfx;c:\windows\System32\drivers\V0230Vfx.sys [2.6.2009 8:34 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\System32\drivers\V0230VID.sys [2.6.2009 8:34 498464]

--- Muut muistissa olevat ajurit/palvelut ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
'Ajoitetut tehtävät'-kansion sisältö

2009-11-06 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-04 06:55]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032475782-4161163969-468228600-1000Core.job
- c:\users\heppu1000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 06:51]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032475782-4161163969-468228600-1000UA.job
- c:\users\heppu1000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 06:51]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.iltalehti.fi/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 00:31
Windows 6.0.6002 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x851221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x851211f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Valmistumisajankohta: 2009-11-06 0:33
ComboFix-quarantined-files.txt 2009-11-06 22:33
ComboFix2.txt 2009-11-06 21:24

Ennen ajoa: 173 235 482 624 tavua vapaana
Ajon jälkeen: 173 206 605 824 tavua vapaana

- - End Of File - - F3A3EBF9EFF51E848E157D10D48AB40D

 

Logi on aina kullanarvoinen löytö.

Mahdollisia allekirjoittamattomia ajureita(?). Koneella useita virustorjuntoja samaan aikaan tai jämiä niistä(?).

1. Lataa HJTInstall.exe
2. Tallenna ja asenna Hijackthis.
3. Käynnistä HijackThis.
4. Aja "Do a system scan and save a logfile". ÄLÄ paina Analyse This-nappulaa, ÄLÄKÄ yritä itse korjata mitään.
5. Kopioi Muistioon avautuva logi.

Lisää Hjt- ja mbam- logi, joko Afterdawnin Hjt-alueelle tai Virustorjunta.net:iin.

HUOM! Oman hyödyn takia kuuntele ainoastaan fixaajien neuvoja login suhteen!